These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE New Citizens Q&A

 
  • Topic is locked indefinitely.
 

What is CREST?

First post
Author
The Sun's Anvil
Jednota Inc
#1 - 2015-05-25 12:18:16 UTC
How is it different from character APIs? Is it safe?
L'ouris
Have Naught Subsidiaries
#2 - 2015-05-25 14:38:22 UTC
Crest is the api for the Eve servers.

If you have a programming sort of inclination, it allows you to pull all sorts of data from the eve universe, including character info your calling the character API.

It's all read only so yes it's safe.
Some folk are concerned about giving other folk the ability to see what market orders, assets and Eve-mails they have however as a privacy thing.

Many don't care and the character data pulled through crest is used for many more automated alliance and corp web driven tools by organizations in the game, including but not limited to authentication on org voice servers.

Crest is rather big as a topic and has its own dev blogs and forums to discuss leveraging it.
The Sun's Anvil
Jednota Inc
#3 - 2015-05-25 17:04:22 UTC  |  Edited by: The Sun's Anvil
Thanks. I guess what made me second guess it was not the character info, but the fact that it prompts you for your actual login name/pass. Its possible I suppose for 3rd party tools to abuse that?
ShahFluffers
Ice Fire Warriors
#4 - 2015-05-25 19:07:33 UTC  |  Edited by: ShahFluffers
The Sun's Anvil wrote:
Thanks. I guess what made me second guess it was not the character info, but the fact that it prompts you for your actual login name/pass. Its possible I suppose for 3rd party tools to abuse that?

The API is a "one-way-only" deal.

Even with a "Full-API" key, people can only see your character information, his/her stats (including market and industrial activities), and mail within the game.

They cannot affect your account... see your payment info... or really change anything for that matter.

edit: if any third-party site or application asks for your log-in information... DO NOT provide it. Only use those things on official CCP or EVE Online sites.


THAT SAID...

... people can use the info they gather from the API to see who you are associated with, what kinds of deals or tactics you have made (if you put that info in your in-game mailbox), where you are basing out of, what your skills are like, what ships you have, etc.
This info can be accessed as much as desired until you delete the key in your API management.

... being on a killboard does not require an API or your permission. Someone simply needs to kill you.
The Sun's Anvil
Jednota Inc
#5 - 2015-05-25 19:13:42 UTC  |  Edited by: The Sun's Anvil
You're referring to API key. I was mainly asking how CREST differed from API key and what the risks are of entering your actual login info when a 3rd party tool prompts...which I would think, unlike an API key, could in fact be captured and used to access your account proper, or is the CREST prompt separate.

For example, for some things to work in EVERNUS, it opens a browser thus:

https://login-tq.eveonline.com/Account/LogOn?ReturnUrl=%2foauth%2fauthorize%3fresponse_type%3dcode%26redirect_uri%3dhttp%3a%2f%2fevernus.com%2fcrest-authentication%2f%26client_id%3d1e81bf658b5f4a56a5fbdc091b2febfd%26scope%3dpublicData&response_type=code&redirect_uri=http://evernus.com/crest-authentication/&client_id=1e81bf658b5f4a56a5fbdc091b2febfd&scope=publicData

Do we take the root domain of that link as being a legit login to CCP?
Tau Cabalander
Retirement Retreat
Working Stiffs
#6 - 2015-05-25 20:47:15 UTC
The Sun's Anvil wrote:
How is it different from character APIs? Is it safe?

https://developers.eveonline.com/resource/crest

This is really a topic for the EVE Technology Lab forum.
Elena Thiesant
The Scope
Gallente Federation
#7 - 2015-05-25 21:27:19 UTC  |  Edited by: Elena Thiesant
What you're asking about is the EVE Online Single Signon facility, not strictly CREST. Crest uses single signon, not the other way around.

http://community.eveonline.com/news/dev-blogs/eve-online-sso-and-what-you-need-to-know/
Bloemkoolsaus
Deep Core Mining Inc.
Caldari State
#8 - 2015-05-26 11:15:26 UTC
The Sun's Anvil wrote:
Thanks. I guess what made me second guess it was not the character info, but the fact that it prompts you for your actual login name/pass. Its possible I suppose for 3rd party tools to abuse that?


That is the eve sso (single sign on) as linked above me.
3rd party tools can not get your login info throuh sso or crest. Only that wich you choose to enable through crest is exposed.

The sso and crest are a replacement for the api keys. We will no longer need to create and maintain the cumbersome api keys.
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#9 - 2015-05-26 11:34:17 UTC
Right now, CREST doesn't provide any data which isn't public (on TQ)

In the nearish future, it will start to present historical character data (like how much damage you did with lasers over the last year, how much Veld you mined, and so on). This will require you to approve the specific scope when it's requested.

In much the same way as, if you were to log into something using twitter, you have to approve the list of things it wants to be able to do. (read tweets, post tweets, etc)

As long as you, when logging into the SSO or CREST (CREST is an expansion of the SSO) check that the url is an eveonline.com one, you're pretty much safe. Don't trust applications which ask for your details, only trust the website. (A properly done app will throw you out to the browser to auth, then come back)

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter

Kale Freeman
Garoun Investment Bank
Gallente Federation
#10 - 2015-05-26 12:09:20 UTC
Or at least throw you out to an application that looks like a browser.